02/16/06 - USPTO Class 370 | #20060034297

Methods and apparatus for efficient vpn server interface, address allocation, and signaling with a local addressing domain

USPTO Application #: 20060034297
Title: Methods and apparatus for efficient vpn server interface, address allocation, and signaling with a local addressing domain
Abstract: The present invention relates to communications systems and, more particularly, to methods and apparatus for efficient address delegation and/or assignment and/or signaling in a virtual communications network, e.g., a network supporting virtual private networks (VPNs) and one or more addressing domains. The methods are well suited for systems such as mobile communications systems, where the number of mobile nodes in each of a plurality of visited domains can change on a relatively rapid time scale, rendering static address delegation from the home to each visited domain highly inefficient. Address delegation may be undertaken in advance of address assignment requests from a visiting mobile node, or address delegation may be triggered by the address assignment request. Information update messages keep the home domain aware of the assignment status of its delegated addresses and can specifically trigger further delegations so that a number of unassigned delegated addresses is maintained.



Agent: Straub & Pokotylo - Tinton Falls, NJ, US
Inventor: Alan O'Neill
USPTO Application #: 20060034297 - Class: 370395530 (USPTO)

Related Patent Categories: Multiplex Communications, Pathfinding Or Routing, Switching A Message Which Includes An Address Header, Message Transmitted Using Fixed Length Packets (e.g., Atm Cells), Multiprotocol Network, Emulated Lan (lane/elan/vlan, E.g., Ethernet Or Token Ring Legacy Lan Over A Single Atm Network/lan)


The Patent Description & Claims data below is from USPTO Patent Application 20060034297, Methods and apparatus for efficient vpn server interface, address allocation, and signaling with a local addressing domain.




FIELD OF THE INVENTION

[0001] The present invention relates to communications systems and, more particularly, to methods and apparatus for efficient addressing delegation and/or assignment and/or signaling in a virtual communications network, e.g., a network supporting virtual private networks (VPNs) and one or more addressing domains.

BACKGROUND

[0002] Owners of Internet Protocol (IP) access infrastructure typically need to be able to wholesale their facilities to external Retail Internet Operators. The Layer 2 Tunneling Protocol (L2TP) is typically used today in such circumstances. The retail operator operates the Local Network Server (LNS) whilst the access wholesaler operates the Local Access Concentrator (LAC). The LNS and LAC are separated by a switched connection, and L2TP provides an IP tunnel between the LAC and LNS for forwarding of Point-to-Point Protocol (PPP) frames and users' IP packets.

[0003] The user is authenticated and authorized using PPP mechanisms and then obtains an IP address from the LNS prefix. The PPP access, LAC and L2TP tunnel then hide that retail address from the wholesale IP routing capabilities. A number of problems are apparent with this architecture when applied to the wholesaling of a mobile wireless access infrastructure. Firstly, placing a LAC at the Access Router in a mobile network, where the Mobile Node (MN) changes Access Routers frequently, creates the need to hand off a large amount of PPP and L2TP state between Access Routers. In addition, L2TP and PPP themselves are not designed for hand-off and no signaling exists in either protocol to facilitate hand-offs efficiently.

[0004] Mobility management in the wholesale domain instead typically requires Mobile IP (MIP) between the Mobile Node (MN), Foreign Agent (FA) and a Local Home Agent (LHA) in the wholesale domain. This ensures that hand-off signaling is isolated to the wholesale domain to ensure low latency and high availability. MIP already provides capabilities for authentication, authorization and address assignment from a prefix at the LHA. PPP is not then required. MIP was not, however, designed with wholesaling in mind and a number of additional problems are apparent.

[0005] 1) A Virtual Private Network (VPN) needs to be established between a VPN Server in the retailer domain and the LHA in the wholesaler domain so that the retailer is responsible for packet forwarding to and from the Internet.

[0006] 2) The LHA needs to obtain delegated prefixes from that VPN Server in the retail domain so that the addresses assigned to the MN are retailer addresses.

[0007] 3) The LHA needs to be able to forward packets from multiple retailers, when each retailer is delegating addresses from private address space. This means that the customer's address is not globally unique in the retailer's network, and especially in the FA and LHA.

[0008] 4) The VPN Server needs to be kept informed by the LHA of what happens to those delegated addresses so that the retailer can manage the retail mobile service given to its customers in that wholesale domain.

[0009] In view of the above discussion, it is apparent that there is a need for improved methods and apparatus to provide a more efficient architecture and more efficient signaling to facilitate the hand-off signaling and packet forwarding between retail Internet operators and wholesale Internet operators. Methods and apparatus directed to efficiently establishing and maintaining VPNs between VPN servers in the retailer's addressing domain and a LHA in the wholesaler's addressing domain are needed.

SUMMARY OF INVENTION

[0010] The present invention is directed to providing a novel signaling message(s) to enable a retailer to automatically delegate address prefixes to a LHA with which it has a VPN connection. Delegated addresses remain identified as coming from a specific VPN server in the addressing domain of that specific server because the addresses are routable at that specific VPN Server but are not at other servers. In addition, the delegated addresses can include constraints that are used by the LHA to ensure that the delegated addresses are constrained to being assigned only to retailer customers that have a property that meets the identified constraint.

[0011] Other features of the present invention relate to how the delegated addresses are associated with a routing entry in the LHA that is independent of the address value but is instead associated with the VPN connection with the VPN server. This ensures that each of the packets from/to retailer customers that have been assigned an address from a specific VPN server is forwarded via that server. This is because neither the source nor the destination address of the customer's packets can be used for routing. This routing entry in the LHA is determined, for upstream packets traveling towards the VPN server, by information in the packet arriving at the LHA that identifies the VPN server that delegated the source address of the packet to the LHA. Therefore every arriving packet is specifically identified as being from one of many retailers connected to that LHA.

[0012] Still other features of the invention are directed to forwarding checks in the LHA for packets determined to be destined for the VPN server, to ensure that the source address of the packet is a delegated address from the VPN server, that it has also been assigned to a MN in the wholesale domain, and that the location of the packet sender is the same as has previously been reported to the LHA for that MN and assigned address.
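The routing entry of [0011] and the three forwarding checks of [0012] can be modeled as follows. This is an added example, not code from the patent application: the class and function names, the use of a string VPN server identifier carried with the packet, the FA name as the "location", and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Binding:
    """State the LHA holds for one assigned address (constructed model)."""
    mn_nai: str      # identity of the MN the address was assigned to
    location: str    # last location reported for that MN (assumed: FA name)

@dataclass
class VpnRoute:
    """Routing entry tied to a VPN connection, not to an address value."""
    interface: str                                 # upstream VPN interface
    delegated: set = field(default_factory=set)    # addresses delegated by this server
    assigned: dict = field(default_factory=dict)   # address -> Binding

class Lha:
    def __init__(self):
        self.routes = {}   # VPN server identifier -> VpnRoute

    def forward_upstream(self, server_id, src_addr, sender_location):
        """Return (upstream interface, None) or (None, reason for the drop)."""
        route = self.routes.get(server_id)
        if route is None:
            return None, "unknown VPN server identifier"
        if src_addr not in route.delegated:
            return None, "source not delegated by this VPN server"
        binding = route.assigned.get(src_addr)
        if binding is None:
            return None, "source delegated but not assigned to any MN"
        if binding.location != sender_location:
            return None, "sender location differs from reported location"
        return route.interface, None

def build_demo_lha():
    """Two retailers delegate the same private address (constructed data)."""
    lha = Lha()
    a = VpnRoute("vpn-if-A", {"10.0.0.5", "10.0.0.6"})
    b = VpnRoute("vpn-if-B", {"10.0.0.5"})
    a.assigned["10.0.0.5"] = Binding("alice@retailer-a.example", "FA-1")
    b.assigned["10.0.0.5"] = Binding("bob@retailer-b.example", "FA-7")
    lha.routes = {"server-A": a, "server-B": b}
    return lha
```

Because both retailers use 10.0.0.5, the lookup key is the VPN server identifier, and a packet that claims retailer B's address from retailer A's reported location is dropped rather than forwarded.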

[0013] Various aspects of the invention are directed to the process of address assignment at the LHA of an address previously delegated by the VPN server, where the address assignment request from the mobile node includes the retailer domain of the MN so that the address can be given from one of the VPN servers in that retailer domain. The novel address assignment request message of the invention also can include an additional property of the MN that can be used by the LHA to guide address assignment. The property of the MN may be matched to the constraints delivered by the VPN server during delegation.

[0014] A novel address assignment response message of the invention that is used to return the address to the MN can further include the information that associates that address with a specific routing entry in the LHA that points to the delegating VPN server. This information is delivered either to the MN itself, or the FA, to be used in the MIP tunnel encapsulation for upstream packets at the LHA. The LHA can then detect this information, associate it with the routing entry for the delegating VPN server, and then identify the upstream VPN interface at the LHA towards that VPN server.

[0015] In accordance with some embodiments of the invention, the invention is directed to a method whereby the address assignment request message triggers the delegation request message, rather than using an address in the LHA that was previously delegated. This is useful when the VPN server itself wants to undertake assignment based on the received MN properties and authentication information, or when there are no remaining delegated addresses that are unassigned at the LHA.

[0016] Another feature of the invention is directed to a novel address assignment information update message so that on assignment, the LHA can inform the VPN server of the assignment event, as well as information about the MN that was assigned the address such as the NAI, location information or any determined property. This information update message can also, in some embodiments, be used to periodically report the location of the MN to the VPN Server, as the MN moves across the wholesale access routers.

[0017] Still another feature of the invention is directed to a novel delegated address information update message that is used to inform the VPN server of the status of the addresses that were delegated to the LHA from that VPN server, or from any VPN server in the retailer domain. This information includes the number of addresses assigned or unassigned from the domain, from that VPN server, for each category of addresses and/or for each type of constraint. This information can, in some embodiments, be used at the VPN server to trigger additional address delegations to top-up the available addresses at the LHA.

[0018] One feature of the invention is directed to a novel start synchronization message which is used by the LHA to periodically inform the VPN server of how long it has been operating, so that the VPN server can detect if the LHA has failed since the last report and can then repopulate the state at the LHA that might have been lost during the restart. The synchronization message can, in some embodiments, further include a summary of state at the LHA that the VPN server can compare to its own state to see if they are equal.
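A sketch of how a VPN server could evaluate the start synchronization message of [0018], as an added example that is not code from the patent application. The `LhaMonitor` class, the tolerance value, and the SHA-256 digest over sorted addresses used as the "summary of state" are assumptions; the application does not define an encoding.

```python
import hashlib

def state_summary(delegated_addresses):
    """Digest of delegated-address state (assumed encoding: sorted, newline-joined)."""
    joined = "\n".join(sorted(delegated_addresses)).encode()
    return hashlib.sha256(joined).hexdigest()

class LhaMonitor:
    """VPN-server-side view of one LHA (hypothetical helper)."""

    def __init__(self, delegated_addresses, tolerance=5.0):
        self.delegated = set(delegated_addresses)  # what the server delegated
        self.tolerance = tolerance   # seconds of allowed clock/transit skew
        self.last = None             # (uptime, received_at) of previous report

    def on_sync(self, uptime, received_at, summary=None):
        """Classify a report as 'ok', 'restarted' or 'state_mismatch'."""
        previous, self.last = self.last, (uptime, received_at)
        if previous is not None:
            prev_uptime, prev_time = previous
            # Without a restart, uptime grows by the time between reports.
            expected = prev_uptime + (received_at - prev_time)
            if uptime + self.tolerance < expected:
                return "restarted"   # LHA state may be lost: repopulate it
        if summary is not None and summary != state_summary(self.delegated):
            return "state_mismatch"  # LHA and server disagree on delegations
        return "ok"
```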

BRIEF DESCRIPTION OF THE FIGURES

[0019] FIG. 1 is a drawing of an exemplary communications system implemented in accordance with the invention and using methods of the present invention.

[0020] FIG. 2 is a drawing of an exemplary first node, e.g., an exemplary LHA node, implemented in accordance with the present invention and using methods of the present invention.

[0021] FIG. 3 is a drawing of an exemplary second node, e.g., an exemplary RHA node, implemented in accordance with the present invention and using methods of the present invention.

[0022] FIG. 4 is a drawing of an exemplary third node, e.g., an exemplary end node such as a MN, implemented in accordance with the present invention and using methods of the present invention.

[0023] FIG. 5, which comprises the combination of FIGS. 5A, 5B, 5C, and 5D is a flowchart illustrating exemplary methods of the invention including operations that are performed by exemplary first (LHA), second (RHA), and third (MN) nodes, in accordance with the present invention.

[0024] FIG. 6 is a drawing illustrating exemplary forwarding, including encapsulation in tunnels, of an exemplary data packet in the exemplary system of FIG. 1, in accordance with the present invention.
